2023.07.22 Security Issues
Category: Security Issues | 2023. 7. 24. 16:41
==2023.07.22==
# Vulnerabilities / Malware
- HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software
https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html
- Reptile malware targeting Linux systems
https://asec.ahnlab.com/ko/55379/
- Information-stealing malware distributed via CHM files
https://asec.ahnlab.com/ko/55462/
- A Few More Reasons Why RDP is Insecure (Surprise!)
https://thehackernews.com/2023/07/a-few-more-reasons-why-rdp-is-insecure.html
- High-severity vulnerability in a popular Jira plugin is being exploited
https://www.boannews.com/media/view.asp?idx=120355&kind=1&sub_kind=
- Rootkits, the nuisance making the cyber ecosystem more dangerous
https://www.boannews.com/media/view.asp?idx=120322&kind=1&sub_kind=
- New critical Citrix ADC and Gateway flaw exploited as zero-day
https://www.bleepingcomputer.com/news/security/new-critical-citrix-adc-and-gateway-flaw-exploited-as-zero-day/
- Google Cloud Build bug lets hackers launch supply chain attacks
https://www.bleepingcomputer.com/news/security/google-cloud-build-bug-lets-hackers-launch-supply-chain-attacks/
- FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks
https://thehackernews.com/2023/07/fin8-group-using-modified-sardonic.html
- CISA orders govt agencies to mitigate Windows and Office zero-days
https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-mitigate-windows-and-office-zero-days/
- The serious MOVEit incident: victim companies estimated to exceed 340
https://www.boannews.com/media/view.asp?idx=120264&kind=1&sub_kind=
- Hackers exploiting critical WordPress WooCommerce Payments bug
https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-wordpress-woocommerce-payments-bug/
- Critical ColdFusion flaws exploited in attacks to drop webshells
https://www.bleepingcomputer.com/news/security/critical-coldfusion-flaws-exploited-in-attacks-to-drop-webshells/
- Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps
https://thehackernews.com/2023/07/hackers-exploit-webapk-to-deceive.html
- TeamTNT, after targeting AWS credentials, turns its attention to GCP and Azure as well
https://www.boannews.com/media/view.asp?idx=120218&kind=1&sub_kind=
- Swing VPN, which turned out to be botnet malware, kicked out of Google Play
https://www.boannews.com/media/view.asp?idx=120216&kind=1&sub_kind=
- PurpleFox distributed via MS-SQL servers
https://asec.ahnlab.com/ko/55302/
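- AhnLab: “71% of malware found in the first half of this year was intended for follow-on hacking”
https://news.kbs.co.kr/news/view.do?ncd=7725527
- "Cloud vulnerability attacks and threat cases up 95% and 200%, respectively, compared with last year"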
https://www.dailysecu.com/news/articleView.html?idxno=147875
- Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
# State-Sponsored Hacking Groups
- GitHub warns of Lazarus hackers targeting devs with malicious projects
https://www.bleepingcomputer.com/news/security/github-warns-of-lazarus-hackers-targeting-devs-with-malicious-projects/
- Microsoft: Hackers turn Exchange servers into malware control centers
https://www.bleepingcomputer.com/news/security/microsoft-hackers-turn-exchange-servers-into-malware-control-centers/
- Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware
https://thehackernews.com/2023/07/chinese-apt41-hackers-target-mobile.html
- NIS: “Caught North Korean IT workers attempting to get hired under false identities at overseas branches of South Korean companies”
https://www.khan.co.kr/economy/economy-general/article/202307191240001
- North Korea stole South Korean citizens' credit card information
http://news.heraldcorp.com/view.php?ud=20230719000511
- Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware
https://thehackernews.com/2023/07/pakistani-entities-targeted-in.html
- Money-hungry North Korea... North Korea is also behind the JumpCloud breach
https://www.boannews.com/media/view.asp?idx=120401&kind=1&sub_kind=
- JumpCloud breach traced back to North Korean state hackers
https://www.bleepingcomputer.com/news/security/jumpcloud-breach-traced-back-to-north-korean-state-hackers/
- JumpCloud discloses breach by state-backed APT hacking group
https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group/
- APT groups of hacking powerhouse North Korea: what were the threat trends in the first half of 2023?
https://www.boannews.com/media/view.asp?idx=120203&kind=1&sub_kind=
- Microsoft: “Chinese hackers exploited a code flaw to hack US government email”
https://news.kbs.co.kr/news/view.do?ncd=7724493
https://www.globalvillagespace.com/tech/microsoft-uncertain-about-hackers-method-for-stealing-azure-ad-signing-keys/
https://www.bleepingcomputer.com/news/security/stolen-microsoft-key-offered-widespread-access-to-microsoft-cloud-services/
https://www.wowtv.co.kr/NewsCenter/News/Read?articleId=AKR20230723001200091
# Ransomware / Data Leaks
- Rapidly increasing Linux ransomware must be recognized as a problem for society as a whole
https://www.boannews.com/media/view.asp?idx=120358&kind=1&sub_kind=
- Yuanta Securities: unauthorized leak of personal information by a ‘tRadar Battle’ maintenance employee
https://www.boannews.com/media/view.asp?idx=120347&kind=1&sub_kind=
- Ransomware Statistics, Facts, and Trends in 2023
https://voonze.com/ransomware-statistics-facts-and-trends-in-2023/
- Meet NoEscape: Avaddon ransomware gang's likely successor
https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/
- Ransomware racking up record-level damage in the first half of 2023: how much harm was done?
https://www.boannews.com/media/view.asp?idx=120221&kind=1&sub_kind=
# Dark Web / OSINT / Accounts / Phishing
- Click the wrong 'Telegram' link and your account gets stolen… 'hacking alert'
https://mobile.newsis.com/view.html?ar_id=NISX20230721_0002385479
- Notorious dark web market gets a new owner and reopens starting next month
https://www.boannews.com/media/view.asp?idx=120268&kind=1&sub_kind=
- Fake Ads Manager Software and Malicious Extensions Target Facebook Accounts
https://www.hackread.com/malicious-ads-manager-extensions-facebook-accounts/
# AI
- “LLM/AI support package dependencies raise app security threats”: Endor Labs report
https://www.itworld.co.kr/news/299989
- Meta releases next-generation open-source large language model ‘Llama 2’… “available for research and commercial use”
https://www.datanet.co.kr/news/articleView.html?idxno=185512
- Hands on with GPT-4-powered Bing AI Chat's virtual search
https://www.bleepingcomputer.com/news/microsoft/hands-on-with-gpt-4-powered-bing-ai-chats-virtual-search/
- Google's AI Bard can be manipulated far more easily than ChatGPT
https://www.boannews.com/media/view.asp?idx=120215&kind=1&sub_kind=
- Windows Copilot arrives in the fall with Windows 11 23H2
https://www.bleepingcomputer.com/news/microsoft/windows-copilot-arrives-in-the-fall-with-windows-11-23h2/
- WormGPT, the generative AI tool to launch sophisticated BEC attacks
https://securityaffairs.com/148504/cyber-crime/wormgpt-bec-attacks.html
- "AI's weak point is ultimately 'people'... AI threats must be stopped with AI"
https://news.mt.co.kr/mtview.php?no=2023071414302579950
# Supply Chain
- Open-source supply chain attacks expand to the banking sector
https://therecord.media/banks-open-source-software-supply-chain-cyberattacks-npm
# Other
- K-Zero Trust to be applied to all government agencies starting in 2026
https://www.etnews.com/20230719000149
- Microsoft expands access to cloud logging data for free after Exchange hacks
https://www.bleepingcomputer.com/news/microsoft/microsoft-expands-access-to-cloud-logging-data-for-free-after-exchange-hacks/
- CISA shares free tools to help secure data in the cloud
https://www.bleepingcomputer.com/news/security/cisa-shares-free-tools-to-help-secure-data-in-the-cloud/
- US Biden administration announces plan for building out the national cybersecurity strategy
https://www.boannews.com/media/view.asp?idx=120223&kind=1&sub_kind=
- First half of 2023: game development, broadcasting and education sectors show a high share of cyber attacks
https://www.dailysecu.com/news/articleView.html?idxno=147873
- Thousands of images on Docker Hub leak auth secrets, private keys
https://www.bleepingcomputer.com/news/security/thousands-of-images-on-docker-hub-leak-auth-secrets-private-keys/